Openwrt 19.07 based Gargoyle

[papka__]

Will try. Thank you.

P.S. Is it bad idea to include wpad-openssl instead of wpad-mini to default config?

[oliver44]

@Lantis
It looks like WAP3 doesn't work , wrt1900acs v2
http://s.go.ro/x897pexv
You can publish another version 1.13.x with fixed version for Adblock and WAP3?

Thx

[Lantis]

Will try. Thank you.

P.S. Is it bad idea to include wpad-openssl instead of wpad-mini to default config?

Are you asking whether it's a bad idea that I've done it? Or whether it would be bad to do it?

Either way, we need it to enable WPA3. I've left it out of a few profiles which are on the smaller side.

[Lantis]

@Lantis
It looks like WAP3 doesn't work , wrt1900acs v2
http://s.go.ro/x897pexv
You can publish another version 1.13.x with fixed version for Adblock and WAP3?

Thx

I'm already building the new version. Please be patient, or learn to build it yourself

I'm not convinced that Wpa3 isn't working there. How do you know that both of your scanners actually support it? If they don't understand the network, they'll see it as Wpa2, especially given you have it in dual mode.

Test it with a device you can guarantee supports it, then let me know.
Also there are some reports that the mwlwifi driver doesn't work well with wpa3 so that may be a problem in future.

[papka__]

Are you asking whether it's a bad idea that I've done it? Or whether it would be bad to do it?

Question was more about - are there any consequences, I'm not aware about, disabling wpad-mini and leaving only wpad-openssl. And if not, then maybe you could change it in default config.
Sorry, not mentioned, I'm talking about ramips config.

[Lantis]

Ahh, ok. I didn't remember that i hadn't enabled it for ramips.

The problem is that wpad-openssl relies on the libopenssl package, which is almost 1MB in size.
So for any target that has the OpenVPN plugin installed by default, i enabled it.

I'll need to double check which targets have other requirements which are automatically including libopenssl anyway. If they already have this library, there's no reason we shouldn't also run wpad-openssl.
It looks like ewget (which is included in every target) required libopenssl, and therefore there's not much reason to not run wpad-openssl as well. I'll look

[papka__]

Great. Thank you.

[papka__]

So. I tested WPA3/WPA2 setup. I reset router to default config and

Code: Select all

option auth_cache '1'

this line not appeared inside wireless config.

Code: Select all

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'pci0000:00/0000:00:01.0/0000:02:00.0'
	option htmode 'HT20'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
	option htmode 'VHT80'

config wifi-iface 'ap_g'
	option device 'radio0'
	option mode 'ap'
	option network 'lan'
	option disassoc_low_ack '0'
	option ssid 'Gargoyle'
	option encryption 'sae-mixed'
	option key '12345678'

config wifi-iface 'ap_a'
	option device 'radio1'
	option mode 'ap'
	option network 'lan'
	option disassoc_low_ack '0'
	option ssid 'Gargoyle'
	option encryption 'sae-mixed'
	option key '12345678'

Build based on OpenWRT RC2.

[Lantis]

It isn't needed explicitly in the config anymore with the latest patch, it is set as a default in the hostapd config generation script.

https://git.openwrt.org/?p=openwrt/open ... 83bde6e3e4

So if you setup everything and then do
cat /var/run/hostapd-phy0.conf
and look for "okc=1", then you know it is enabled as required.

If your devices still aren't working, it could be non-compliant clients, or possibly that your wifi chipset/drivers don't support the required encryption.
Some of the early ar71xx devices can't support it in hardware and you need to explicitly disable hardware encryption for wifi to make it work.

[Lantis]

I've uploaded a new build to the same place:
https://lantisproject.com/gargoyle_custom/

This one is based on:
https://github.com/ericpaulbishop/gargo ... d9a9660bba